Multiple fake/evil twin pages of “HBL Internet Banking” have been found targeting users to rob them off from their credentials. A domain “https[:]//airac[.]org[.]do” having fake/evil twin pages of “HBL Internet Banking” hosted on it. The purpose of these fake/evil twin pages is to steal the credentials of the Internet Banking users.
Moreover, upon analysis we have found that the fake/evil twin Internet Banking pages of different Banks of Pakistan and FBR return portal showing Internet Banking Links and Images of different Pakistani Banks on the same domain.
These type of urls are mostly used in phishing email campaign as the URLs are anchored behind any image or legitimate text and upon clicking the users are directed to the fake Internet Banking Pages so that the user enters the details and other confidential details like OTP, Transaction Code/Password, Card Number and CVV.